feat!: move registry-url to input

registry-url is not secret. move to input secret registry-url is deprecated. use input registry-url instead
nrkno · Jun 5, 2023 · 5fb083a · 5fb083a
1 parent 7974caa
commit 5fb083a
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 9 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -13,11 +13,11 @@ jobs:
     uses: ./.github/workflows/workflow.yaml
     with:
       runs-on: "['ubuntu-latest']"
+      registry-url: cr.example.com
       name: test
       context: ./test/image-ok
       push: false
     secrets:
-      registry-url: cr.example.com
       registry-username: ""
       registry-password: ""
       token: ${{ secrets.GITHUB_TOKEN }}
@@ -26,12 +26,12 @@ jobs:
     uses: ./.github/workflows/workflow.yaml
     with:
       runs-on: "['ubuntu-latest']"
+      registry-url: cr.example.com
       name: test
       context: ./test/image-vulnerable
       push: false
       trivy-error-is-success: true
     secrets:
-      registry-url: cr.example.com
       registry-username: ""
       registry-password: ""
       token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
@@ -21,6 +21,10 @@ on:
         type: boolean
         default: false
         description: Tag a successfully built image with the tag latest.
+      registry-url:
+        type: string
+        description: URL to the container registry.
+        required: true
       runs-on:
         type: string
         default: "['self-hosted']"
@@ -46,9 +50,6 @@ on:
         default: MEDIUM,HIGH,CRITICAL
         description: Comma-separated list of severities to consider an error.
     secrets:
-      registry-url:
-        description: URL to the container registry.
-        required: true
       registry-username:
         description: Username for the container registry.
         required: true
@@ -59,6 +60,7 @@ on:
         description: GitHub auth token.
         required: true
     outputs:
+      # TODO: add registry-url to image output
       image-digest:
         description: The image digest for this build.
         value: ${{ jobs.build.outputs.image-digest }}
@@ -105,7 +107,7 @@ jobs:
         name: Docker login
         uses: docker/login-action@v2
         with:
-          registry: ${{ secrets.registry-url }}
+          registry: ${{ inputs.registry-url }}
           username: ${{ secrets.registry-username }}
           password: ${{ secrets.registry-password }}
       -
@@ -189,7 +191,7 @@ jobs:
         id: meta
         with:
           images: |
-            ${{ secrets.registry-url }}/${{ inputs.name }}
+            ${{ inputs.registry-url }}/${{ inputs.name }}
           tags: |
             type=ref,event=pr
             type=raw,value=${{ github.sha }}
@@ -199,7 +201,7 @@ jobs:
         name: Docker login
         uses: docker/login-action@v2
         with:
-          registry: ${{ secrets.registry-url }}
+          registry: ${{ inputs.registry-url }}
           username: ${{ secrets.registry-username }}
           password: ${{ secrets.registry-password }}
       -

diff --git a/README.md b/README.md
@@ -11,13 +11,13 @@ jobs:
     uses: nrkno/github-workflow-docker-build-push/.github/workflows/workflow.yaml@v1
     with:
       runs-on: "['self-hosted', 'linux']"
+      registry-url: registry-url-string
       name: my-project-name/my-image-name
       # Tag with 'latest' tag when merging to main
       tag-latest: ${{ github.ref == 'refs/heads/main' }}
       # Only push when merging to main
       push: ${{ github.ref == 'refs/heads/main' }}
     secrets:
-      registry-url: secret-string
       registry-username: secret-string
       registry-password: secret-string
       token: ${{ secrets.GITHUB_TOKEN }}